Pomegra Wiki

Engagement Quality Review: What It Is and When It Is Required

An engagement quality review is an independent examination of significant audit judgments and audit conclusions by a senior partner or manager who was not involved in the audit itself. It is a required quality control procedure for complex, high-risk, or public company audits, designed to ensure the auditor’s conclusions are defensible before the audit opinion is released.

The purpose and mandate

The engagement quality review serves two audiences: the audit firm’s own quality assurance and the regulators who oversee auditing. From the firm’s perspective, it is a gate that prevents a low-quality or careless audit from reaching the client or the public. A fresh pair of eyes—someone not invested in meeting the timeline or in a particular set of conclusions—can spot gaps in evidence, questionable judgments, or unexamined assumptions that the primary audit team might have normalized.

From the regulator’s perspective (the PCAOB for public companies, and state boards of accountancy for other entities), the review reduces the risk that audit failures go undetected. If a company later collapses due to accounting fraud or misstatement, the regulator can examine whether the engagement quality reviewer asked the right questions and had access to sufficient evidence to identify the problem.

In practice, most engagement quality reviews endorse the audit as proposed. The review is not meant to be a second full audit; it is a focused quality gate. However, the possibility that a reviewer could reject or materially modify an audit conclusion incentivizes the primary team to do careful work upfront.

Which audits require an engagement quality review

The requirement varies by jurisdiction and client type:

  • Public companies (SEC registrants): Mandatory under PCAOB standards. Every audit of a public company must have an independent engagement quality review.
  • Large private companies and loan agreements: Many large private audits or audits required by lenders also trigger the requirement as a matter of firm policy or contractual obligation.
  • Regulated entities: Banks, insurance companies, pension funds, and other highly regulated industries often require engagement quality review even if they are private, because the risk to creditors, policyholders, or beneficiaries is high.
  • Complex transactions or judgments: An acquisition, a significant change in revenue recognition, or a material valuation estimate can trigger the requirement for a private company audit if the risk is elevated.
  • Smaller or routine audits: Not required to have an independent engagement quality review, though the firm may conduct one anyway as best practice.

Firms typically establish risk-based criteria. An audit of a startup with straightforward transactions might not need an engagement quality review. An audit of a manufacturing company with inventory valuation, foreign operations, and pending litigation almost certainly will.

Who conducts the review and what they must do

The reviewer must be independent of the audit engagement—not the engagement partner, not the in-charge auditor, and not someone who has direct responsibility for the audit conclusions. The reviewer is typically a partner or qualified manager (sometimes called a “concurring partner”) with relevant expertise in the client’s industry or the type of judgment being reviewed.

The reviewer examines:

  1. Significant accounting judgments: How did the auditor estimate the allowance for doubtful accounts receivable? Is the estimate based on recent default data and reasonable assumptions? Has the auditor challenged management’s estimate?
  2. Audit strategy and risk assessment: Did the auditor properly identify high-risk areas? Are audit procedures scaled to the risk? For example, if revenue recognition is high-risk, has the auditor sampled enough transactions and tested contracts thoroughly?
  3. Conclusions on complex areas: If goodwill was recognized in an acquisition, has the auditor satisfied itself that the purchase price allocation is reasonable and that the goodwill will not be impaired shortly after the acquisition?
  4. Compliance with accounting standards: Do the financial statements reflect the correct application of GAAP or IFRS? For example, if a contract involves performance obligations, has the auditor ensured the entity recognizes revenue at the correct point?
  5. Audit evidence and documentation: Are the work papers complete? Are audit conclusions supported by sufficient, relevant evidence? If the auditor concluded that an estimate is reasonable, is that conclusion documented with specific calculations or benchmarks?
  6. Regulatory and compliance matters: If the client faces pending investigations, regulatory changes, or litigation, are those matters adequately disclosed in footnotes?

The reviewer does not re-perform the audit procedures—that would be wasteful and defeat the purpose of a focused review. Instead, the reviewer examines the work papers, reads significant memos, and may conduct limited follow-up procedures if a conclusion seems unsupported.

Common findings and how reviewers respond

A typical engagement quality review may raise questions such as:

  • “The client’s estimate of warranty reserves appears to be based on 2019 historical data. Has the auditor considered whether the 2024 product mix or defect rates have shifted?” The reviewer may ask the team to obtain more recent data or justify why the old data is still appropriate.
  • “The auditor concluded that certain contingent liabilities do not require disclosure. But the lawsuit pending in federal court mentions damages of up to $50 million. Has the auditor obtained the legal opinion? If so, why does the memo only reference the oral communication?” The reviewer may require a formal legal letter.
  • “The entity recorded a large one-time gain on an asset sale. The auditor classified it as operating income, but the contract suggests this was a non-recurring item. Should it be disclosed separately?” The reviewer may propose a change to footnote disclosures or balance-sheet presentation.

If the reviewer’s concerns are minor, the engagement team typically adjusts the audit conclusions or disclosures, and the review is complete. If the reviewer raises material disagreements—for example, the auditor wants to approve the financials despite weak evidence for a major estimate—the reviewer can escalate within the firm or refuse to sign off. This refusal delays the audit opinion until the disagreement is resolved.

Documentation and the audit file

The engagement quality reviewer’s work papers become part of the audit file. The reviewer signs a form (often called a “concurrence form”) confirming that the review was completed, that the reviewer is satisfied with the evidence and conclusions, and that the reviewer found no material issues. The form and supporting memos are retained and are subject to inspection by auditors-of-auditors (PCAOB inspectors, SEC staff, or state board investigators).

If a subsequent scandal or restatement occurs, the regulator will scrutinize the engagement quality review. If the reviewer’s work papers show that they identified a risk or estimate as weak but did not follow up adequately, that is evidence of a quality failure. Conversely, if the reviewer’s papers show a thorough challenge and a supported conclusion, the reviewer and the firm have documented due care.

Practical timing and workflow

The engagement quality review is one of the last steps before the auditor’s opinion letter is signed. The primary audit team completes its work, summarizes conclusions in a disclosure checklist, and prepares the audit file. The firm then selects an engagement quality reviewer and schedules the review, typically lasting one to three weeks depending on complexity.

The reviewer may request the primary team to provide additional evidence, reconsider a conclusion, or expand a disclosure. The team responds, and the reviewer re-examines. Once the reviewer is satisfied, the review is finalized, and the engagement partner can sign the audit opinion.

This timing creates a hard deadline for the audit release. If the reviewer raises objections days before the client wants to announce earnings, tension can arise. However, auditing standards and the PCAOB’s inspection findings make clear that the reviewer’s authority is absolute—they can delay the opinion if needed, and pressuring a reviewer to sign off prematurely is a disciplinary offense.

The role in audit failure prevention

Engagement quality reviews have become more stringent in recent years as regulators have increased focus on audit quality. PCAOB inspection reports frequently identify engagements where the reviewer should have raised more questions or required more evidence. For example, in several audits of entities that later failed or restated, the reviewer’s work papers showed insufficient challenge of management estimates.

The review is not a guarantee of audit quality—no procedure is—but it significantly reduces the likelihood that careless work or poor judgment reaches the audit opinion. It also creates a second layer of liability for the firm: if the engagement quality reviewer signed off on a deficient audit, the firm is responsible not only for the primary team’s work but also for the reviewer’s failure to identify the problem.

See also

Wider context

  • Audit — the overarching process of which the engagement quality review is a part
  • 10-K — public company annual report for which engagement quality review is mandatory
  • Publicly Available Disclosure Checklist — document that summarizes audit conclusions for reviewer examination
  • Accounts Receivable — common area of audit judgment and reviewer focus